This is the mail archive of the
mailing list for the glibc project.
Re: sparc 32-bit dirent broken
- From: David Miller <davem at davemloft dot net>
- To: fweimer at redhat dot com
- Cc: libc-alpha at sourceware dot org
- Date: Thu, 10 Oct 2013 15:17:53 -0400 (EDT)
- Subject: Re: sparc 32-bit dirent broken
- Authentication-results: sourceware.org; auth=none
- References: <20131010 dot 150549 dot 1493772166605383173 dot davem at davemloft dot net> <5256FB64 dot 3090803 at redhat dot com>
From: Florian Weimer <firstname.lastname@example.org>
Date: Thu, 10 Oct 2013 21:09:24 +0200
> On 10/10/2013 09:05 PM, David Miller wrote:
>> CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
>> broke dirent on sparc.
>> I suspect it has something to do with alignment. On 32-bit
>> sparc things must be aligned on a 64-bit boundary even though
>> "long" is only 32-bit. So that might have something to do
>> with the issue.
> Sorry about that. Can you post strace output showing the complete
> buffer that arrives from the kernel?
I'm currently testing simply putting that MIN() on reclen back,
I am almost certain that is going to fix things.